From: Jeff Garzik
Date: Thu, 7 Aug 2014 23:18:47 -0400
To: slush
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Miners MiTM

You don't necessarily need the heavy weight of SSL.

You only need digitally signed envelopes between miner and pool[1].

[1] Unless the pool is royally stupid and will somehow credit miner B, if miner B provides to the pool a copy of miner A's work.



On Thu, Aug 7, 2014 at 8:29 PM, slush <slush@centrum.cz> wrote:
> AFAIK the only protection is SSL + certificate validation on client side. However certificate revocation and updates in miners are pain in the ass, that's why majority of pools (mine including) don't want to play with that...
>
> slush
>
> On Fri, Aug 8, 2014 at 1:45 AM, Luke Dashjr <luke@dashjr.org> wrote:
>> On Thursday, August 07, 2014 11:02:21 PM Pedro Worcel wrote:
>> > Hi there,
>> >
>> > I was wondering if you guys have come across this article:
>> >
>> > http://www.wired.com/2014/08/isp-bitcoin-theft/
>> >
>> > The TL;DR is that somebody is abusing the BGP protocol to be in a position
>> > where they can intercept the miner traffic. The concerning point is that
>> > they seem to be having some degree of success in their endeavour and
>> > earning profits from it.
>> >
>> > I do not understand the impact of this (I don't know much about BGP, the
>> > mining protocol nor anything else, really), but I thought it might be worth
>> > putting it up here.
>>
>> This is old news; both BFGMiner and Eloipool were hardened against it a long
>> time ago (although no Bitcoin pools have deployed it so far). I'm not aware of
>> any actual case of it being used against Bitcoin, though - the target has always been scamcoins.

--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc.      https://bitpay.com/
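
The signed-envelope idea and footnote [1] above, as an added example that is not part of the original message or of any pool's code. It covers the miner-to-pool direction only, and HMAC-SHA256 with a per-miner shared key stands in for a digital signature because Python's standard library has no asymmetric signing. The keys, the field names and the per-miner extranonce are assumptions of this sketch.

```python
import hashlib
import hmac
import json

# Constructed per-miner secrets, provisioned out of band (assumption).
MINER_KEYS = {"minerA": b"constructed-key-A", "minerB": b"constructed-key-B"}

def _tag(key, payload):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def seal(miner_id, key, share):
    """Envelope whose tag covers both the miner id and the share."""
    payload = json.dumps({"miner": miner_id, "share": share}, sort_keys=True)
    return {"payload": payload, "tag": _tag(key, payload)}

def open_envelope(envelope, keys):
    """Return (miner_id, share) if the tag verifies under that miner's key."""
    payload, tag = envelope.get("payload"), envelope.get("tag")
    if not isinstance(payload, str) or not isinstance(tag, str):
        return None
    try:
        data = json.loads(payload)
        miner_id, share, key = data["miner"], data["share"], keys[data["miner"]]
    except (KeyError, TypeError, ValueError):
        return None
    if not hmac.compare_digest(_tag(key, payload).encode(), tag.encode()):
        return None
    return miner_id, share

class Pool:
    def __init__(self, keys):
        self.keys = keys
        self.extranonce = {}  # miner id -> extranonce the pool assigned (assumption)
        self.seen = set()     # (extranonce, nonce) pairs already credited
        self.credit = {}

    def submit(self, envelope):
        opened = open_envelope(envelope, self.keys)
        if opened is None:
            return "rejected: bad signature"
        miner_id, share = opened  # credit follows the authenticated id only
        assigned = self.extranonce.get(miner_id)
        if assigned is None or not isinstance(share, dict) or share.get("extranonce") != assigned:
            return "rejected: work not issued to this miner"
        work = (assigned, share.get("nonce"))
        if work in self.seen:
            return "rejected: duplicate"
        self.seen.add(work)
        self.credit[miner_id] = self.credit.get(miner_id, 0) + 1
        return "accepted"
```

A share that miner B re-wraps from miner A's work fails the extranonce check, and an envelope whose miner id is rewritten in transit fails tag verification, so neither earns credit.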